tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

updates on 2FA all users feature

This commit is contained in:
marcos 2020-10-06 17:02:58 +02:00
parent e5fe9d5c29
commit 848f60229a
7 changed files with 351 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
pandora_console/general/register.php
View File

@ -183,6 +183,89 @@ try {
$welcome = false;
}
$double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $config['id_user']);
if (!$double_auth_enabled && $config['2FA_all_users'] != ''
&& $config['2Fa_auth'] != '1'
&& $config['double_auth_enabled']
) {
echo '<div id="doble_auth_window" style="display: none"; >';
?>
<script type="text/javascript">
var userID = "<?php echo $config['id_user']; ?>";
console.log(userID);
var $loadingSpinner = $("<img src=\"<?php echo $config['homeurl']; ?>/images/spinner.gif\" />");
var $dialogContainer = $("div#doble_auth_window");
$dialogContainer.html($loadingSpinner);
// Load the info page
var request = $.ajax({
url: "<?php echo ui_get_full_url('ajax.php', false, false, false); ?>",
type: 'POST',
dataType: 'html',
data: {
page: 'include/ajax/double_auth.ajax',
id_user: userID,
get_double_auth_info_page: 1,
containerID: $dialogContainer.prop('id')
},
complete: function (xhr, textStatus) {
},
success: function (data, textStatus, xhr) {
// isNaN = is not a number
if (isNaN(data)) {
$dialogContainer.html(data);
}
// data is a number, convert it to integer to do the compare
else if (Number(data) === -1) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>");
}
else {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Error').'</div></b>'; ?>");
}
},
error: function (xhr, textStatus, errorThrown) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('There was an error loading the data').'</div></b>'; ?>");
}
});
$("div#doble_auth_window").dialog({
<?php config_update_value('2Fa_auth', ''); ?>
resizable: true,
draggable: true,
modal: true,
title: "<?php echo __('Double autentication activation'); ?>",
overlay: {
opacity: 0.5,
background: "black"
},
width: 500,
height: 400,
close: function (event, ui) {
<?php
if (!$double_auth_enabled) {
config_update_value('2Fa_auth', '1');
}
?>
// Abort the ajax request
if (typeof request != 'undefined'){
request.abort();
}
// Remove the contained html
$dialogContainer.empty();
//document.location.reload();
}
})
.show(); </script>
<?php
echo '</div>';
}
$newsletter = null;
?>

8
pandora_console/godmode/setup/setup_auth.php
View File

@ -329,12 +329,20 @@ echo '</form>';
$( document ).ready(function() {
//For change autocreate remote users
console.log($('input[type=checkbox][id=checkbox-double_auth_enabled]:checked').val());
if ($('input[type=checkbox][name=double_auth_enabled]:checked').val() == 1) {
$('#table1-2FA_all_users').show();
}
else {
$('#table1-2FA_all_users').hide();
}
$('input[type=checkbox][name=double_auth_enabled]').change(function () {
if ($('input[type=checkbox][name=double_auth_enabled]:checked').val() == 1) {
$('#table1-2FA_all_users').show();
}
else {
$('#table1-2FA_all_users').hide();
$('input[type=checkbox][name=2FA_all_users][value=0]').prop('checked', false);
}
}).change();
});

244
pandora_console/godmode/users/configure_user.php
View File

@ -1128,6 +1128,28 @@ if ($config['ehorus_user_level_conf']) {
$ehorus .= '</div>';
}
$double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $id);
if ($config['double_auth_enabled'] && check_acl($config['id_user'], 0, 'PM')) {
$double_authentication = '<div class="label_select_simple"><p class="edit_user_labels">'.__('Double authentication').'</p>';
if (($config['2FA_all_users'] == '' && !$double_auth_enabled)
|| ($config['double_auth_enabled'] == '' && $double_auth_enabled)
|| check_acl($config['id_user'], 0, 'PM')
) {
$double_authentication .= html_print_checkbox_switch('double_auth', 1, $double_auth_enabled, true);
}
// Dialog.
$double_authentication .= '<div id="dialog-double_auth" style="display:none"><div id="dialog-double_auth-container"></div></div>';
}
if ($double_auth_enabled && $config['double_auth_enabled'] && $config['2FA_all_users'] != '') {
$double_authentication .= html_print_button(__('Show information'), 'show_info', false, 'javascript:show_double_auth_info();', '', true);
}
if (isset($double_authentication)) {
$double_authentication .= '</div>';
}
if ($meta) {
enterprise_include_once('include/functions_metaconsole.php');
@ -1179,7 +1201,7 @@ echo '<div id="user_form">
<div class="edit_user_autorefresh white_box"><p style="font-weight:bold;">Extra info</p>'.$email.$phone.$not_login.$session_time.'</div>
</div>
<div class="user_edit_second_row white_box">
<div class="edit_user_options">'.$language.$access_or_pagination.$skin.$home_screen.$default_event_filter.$newsletter.'</div>
<div class="edit_user_options">'.$language.$access_or_pagination.$skin.$home_screen.$default_event_filter.$newsletter.$double_authentication.'</div>
<div class="edit_user_timezone">'.$timezone;
if (!is_metaconsole()) {
@ -1278,6 +1300,15 @@ if (!is_metaconsole()) {
var json_profile = $('#hidden-json_profile');
/* <![CDATA[ */
$(document).ready (function () {
$("input#checkbox-double_auth").change(function (e) {
e.preventDefault();
if (this.checked) {
show_double_auth_activation();
} else {
show_double_auth_deactivation();
}
});
$('input:radio[name="is_admin"]').change(function() {
if($('#radiobtn0002').prop('checked')) {
$('#metaconsole_agents_manager_div').show();
@ -1476,5 +1507,216 @@ function switch_ehorus_conf()
}
function show_double_auth_info () {
var userID = '<?php echo io_safe_output($id); ?>';
var $loadingSpinner = $("<img src=\"<?php echo $config['homeurl']; ?>/images/spinner.gif\" />");
var $dialogContainer = $("div#dialog-double_auth-container");
$dialogContainer.html($loadingSpinner);
console.log(userID);
// Load the info page
var request = $.ajax({
url: "<?php echo ui_get_full_url('ajax.php', false, false, false); ?>",
type: 'POST',
dataType: 'html',
data: {
page: 'include/ajax/double_auth.ajax',
id_user: userID,
get_double_auth_data_page: 1,
FA_forced: 1,
containerID: $dialogContainer.prop('id')
},
complete: function(xhr, textStatus) {
},
success: function(data, textStatus, xhr) {
// isNaN = is not a number
if (isNaN(data)) {
$dialogContainer.html(data);
}
// data is a number, convert it to integer to do the compare
else if (Number(data) === -1) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>");
}
else {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Error').'</div></b>'; ?>");
}
},
error: function(xhr, textStatus, errorThrown) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('There was an error loading the data').'</div></b>'; ?>");
}
});
$("div#dialog-double_auth")
.css('display','block')
.append($dialogContainer)
.dialog({
resizable: true,
draggable: true,
modal: true,
title: "<?php echo __('Double autentication information'); ?>",
overlay: {
opacity: 0.5,
background: "black"
},
width: 400,
height: 375,
close: function(event, ui) {
// Abort the ajax request
if (typeof request != 'undefined')
request.abort();
// Remove the contained html
$dialogContainer.empty();
}
})
.show();
}
function show_double_auth_activation () {
var userID = '<?php echo io_safe_output($id); ?>';
var $loadingSpinner = $("<img src=\"<?php echo $config['homeurl']; ?>/images/spinner.gif\" />");
var $dialogContainer = $("div#dialog-double_auth-container");
$dialogContainer.html($loadingSpinner);
// Load the info page
var request = $.ajax({
url: "<?php echo ui_get_full_url('ajax.php', false, false, false); ?>",
type: 'POST',
dataType: 'html',
data: {
page: 'include/ajax/double_auth.ajax',
id_user: userID,
FA_forced: 1,
get_double_auth_info_page: 1,
containerID: $dialogContainer.prop('id')
},
complete: function(xhr, textStatus) {
},
success: function(data, textStatus, xhr) {
// isNaN = is not a number
if (isNaN(data)) {
$dialogContainer.html(data);
}
// data is a number, convert it to integer to do the compare
else if (Number(data) === -1) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>");
}
else {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Error').'</div></b>'; ?>");
}
},
error: function(xhr, textStatus, errorThrown) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('There was an error loading the data').'</div></b>'; ?>");
}
});
$("div#dialog-double_auth").dialog({
resizable: true,
draggable: true,
modal: true,
title: "<?php echo __('Double autentication activation'); ?>",
overlay: {
opacity: 0.5,
background: "black"
},
width: 500,
height: 400,
close: function(event, ui) {
// Abort the ajax request
if (typeof request != 'undefined')
request.abort();
// Remove the contained html
$dialogContainer.empty();
document.location.reload();
}
})
.show();
}
function show_double_auth_deactivation () {
var userID = '<?php echo io_safe_output($id); ?>';
console.log(userID);
var $loadingSpinner = $("<img src=\"<?php echo $config['homeurl']; ?>/images/spinner.gif\" />");
var $dialogContainer = $("div#dialog-double_auth-container");
var message = "<p><?php echo __('Are you sure?').'<br>'.__('The double authentication will be deactivated'); ?></p>";
var $button = $("<input type=\"button\" value=\"<?php echo __('Deactivate'); ?>\" />");
$dialogContainer
.empty()
.append(message)
.append($button);
var request;
$button.click(function(e) {
e.preventDefault();
$dialogContainer.html($loadingSpinner);
// Deactivate the double auth
request = $.ajax({
url: "<?php echo ui_get_full_url('ajax.php', false, false, false); ?>",
type: 'POST',
dataType: 'json',
data: {
page: 'include/ajax/double_auth.ajax',
id_user: userID,
FA_forced: 1,
deactivate_double_auth: 1
},
complete: function(xhr, textStatus) {
},
success: function(data, textStatus, xhr) {
console.log(data);
if (data === -1) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>");
}
else if (data) {
$dialogContainer.html("<?php echo '<b><div class=\"green\">'.__('The double autentication was deactivated successfully').'</div></b>'; ?>");
}
else {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('There was an error deactivating the double autentication').'</div></b>'; ?>");
}
},
error: function(xhr, textStatus, errorThrown) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('There was an error deactivating the double autentication').'</div></b>'; ?>");
}
});
});
$("div#dialog-double_auth").dialog({
resizable: true,
draggable: true,
modal: true,
title: "<?php echo __('Double autentication activation'); ?>",
overlay: {
opacity: 0.5,
background: "black"
},
width: 300,
height: 150,
close: function(event, ui) {
// Abort the ajax request
if (typeof request != 'undefined')
request.abort();
// Remove the contained html
$dialogContainer.empty();
document.location.reload();
}
})
.show();
}
/* ]]> */
</script>

4
pandora_console/include/ajax/double_auth.ajax.php
View File

@ -17,7 +17,9 @@ check_login();
// Security check
$id_user = (string) get_parameter('id_user');
if ($id_user !== $config['id_user']) {
$FA_forced = (int) get_parameter('FA_forced');
if ($id_user !== $config['id_user'] && $FA_forced != 1) {
db_pandora_audit(
'ACL Violation',
'Trying to access Double Authentication'

4
pandora_console/include/functions_config.php
View File

@ -1990,6 +1990,10 @@ function config_process_config()
config_update_value('welcome_state', WELCOME_STARTED);
}
if (!isset($config['2Fa_auth'])) {
config_update_value('2Fa_auth', '');
}
/*
* Parse the ACL IP list for access API
*/

3
pandora_console/index.php
View File

@ -389,6 +389,7 @@ if (! isset($config['id_user'])) {
}
$login_button_saml = get_parameter('login_button_saml', false);
config_update_value('2Fa_auth', '');
if (isset($double_auth_success) && $double_auth_success) {
// This values are true cause there are checked before complete
// the 2nd auth step.
@ -709,6 +710,8 @@ if (! isset($config['id_user'])) {
$redirect_url .= '&'.safe_url_extraclean($key).'='.safe_url_extraclean($value);
}
$double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $config['id_user']);
header('Location: '.ui_get_full_url('index.php'.$redirect_url));
exit;
// Always exit after sending location headers.

15
pandora_console/operation/users/user_edit.php
View File

@ -393,11 +393,13 @@ $timezone .= html_print_timezone_select('timezone', $user_info['timezone']).'</d
// Double auth.
$double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $config['id_user']);
if ($config['double_auth_enabled']) {
if ($config['double_auth_enabled'] || ($config['double_auth_enabled'] == '' && $double_auth_enabled)) {
$double_authentication = '<div class="label_select_simple"><p class="edit_user_labels">'.__('Double authentication').'</p>';
if ($config['double_auth_enabled']) {
$double_authentication .= html_print_checkbox_switch('double_auth', 1, 1, true);
} else {
if (($config['2FA_all_users'] == '' && !$double_auth_enabled)
|| ($config['2FA_all_users'] != '' && !$double_auth_enabled)
|| ($config['double_auth_enabled'] == '' && $double_auth_enabled)
|| check_acl($config['id_user'], 0, 'PM')
) {
$double_authentication .= html_print_checkbox_switch('double_auth', 1, $double_auth_enabled, true);
}
@ -405,7 +407,7 @@ if ($config['double_auth_enabled']) {
$double_authentication .= '<div id="dialog-double_auth" style="display:none"><div id="dialog-double_auth-container"></div></div>';
}
if ($double_auth_enabled) {
if ($double_auth_enabled && $config['double_auth_enabled'] && $config['2FA_all_users'] != '') {
$double_authentication .= html_print_button(__('Show information'), 'show_info', false, 'javascript:show_double_auth_info();', '', true);
}
@ -883,17 +885,14 @@ $(document).ready (function () {
$("#text-block_size").removeAttr('disabled');
}
}
var fa_enable = <?php echo $config['2FA_all_users']; ?>
$("input#checkbox-double_auth").change(function (e) {
e.preventDefault();
if(fa_enable != 1){
if (this.checked) {
show_double_auth_activation();
} else {
show_double_auth_deactivation();
}
}
});